The recent hack of Axie Infinity sidechain Ronin, thought to be the biggest crypto hack in history, has been linked to North Korea, according to US authorities.
The Office of Foreign Assets Control (OFAC) recently announced it was adding an Ethereum address to Lazarus Group’s SDN entry as an identifier.
Lazarus Group is one of the most notorious hacking groups in history and is widely believed to be run by the government of North Korea.
According to blockchain tracking firm Chainalysis, the address that the OFAC linked was the same address that received 173,000 ETH after the Ronin hack.
“The attribution of the Ronin hack to Lazarus Group underlines two industry needs Chainalysis has highlighted previously: Understanding of how DPRK-affiliated threat actors exploit crypto, and better security for DeFi protocols,” Chainalysis said, adding “The newly designated ETH address has now been labelled in the Sanctions category in all Chainalysis products.”
Ronin said the hack, which happened last month, occurred when an attacker managed to take control over the private keys for its validator nodes and the nodes for the Axie Infinity Decentralized Autonomous Organization (DAO).
The hacker then used the keys to make fake withdrawals which weren’t noticed until a user reported not being able to withdraw 5,000 ETH from the platform’s bridge.
According to the post-mortem report, the weakness the attacker found dated back to November of last year, when Sky Mavis, the company behind Axie Infinity, asked the Axie DAO for help distributing free transactions during a surge in users.
Sky Mavis was only supposed to be able to sign transactions on the DAO’s behalf temporarily, but the allowlist access was never properly revoked. This meant that once the attacker held Sky Mavis’s keys, the stale grant served as a backdoor into the Ronin bridge and the Katana DEX.
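To make the failure mode concrete, here is an added Python model (not code from the article, Sky Mavis or Ronin) of a threshold-signing bridge in which temporary signing delegations carry an explicit expiry, so a grant nobody remembers to revoke lapses on its own. The validator count, threshold, names and time values are constructed assumptions, not Ronin's real configuration.

```python
from dataclasses import dataclass, field

@dataclass
class Delegation:
    delegate: str    # party allowed to sign on a validator's behalf
    expires_at: int  # block height (or timestamp) after which the grant is void

@dataclass
class Bridge:
    validators: frozenset   # identities of the bridge's own validator slots
    threshold: int          # signatures needed to approve a withdrawal
    delegations: dict = field(default_factory=dict)  # validator -> Delegation

    def delegate(self, validator, delegate, now, ttl):
        """Grant temporary signing power; the expiry is mandatory, not optional."""
        if validator not in self.validators:
            raise ValueError(f"unknown validator {validator}")
        self.delegations[validator] = Delegation(delegate, now + ttl)

    def revoke(self, validator):
        self.delegations.pop(validator, None)

    def effective_signers(self, signers, now):
        """Return the validator slots a set of signers legitimately controls at `now`.
        A delegate whose grant has expired contributes nothing, even if its key is valid."""
        controlled = set()
        for s in signers:
            if s in self.validators:
                controlled.add(s)
            for v, d in self.delegations.items():
                if d.delegate == s and now < d.expires_at:
                    controlled.add(v)
        return controlled

    def approve_withdrawal(self, signers, now):
        return len(self.effective_signers(signers, now)) >= self.threshold

    def active_delegations(self, now):
        """Audit helper: grants still live at `now`, i.e. what a periodic review should see."""
        return {v: d for v, d in self.delegations.items() if now < d.expires_at}

def build_example():
    """Constructed scenario: five validators, three signatures required,
    two slots temporarily delegated to one operator for 100 blocks."""
    bridge = Bridge(frozenset({"v1", "v2", "v3", "v4", "v5"}), threshold=3)
    bridge.delegate("v4", "operator", now=0, ttl=100)
    bridge.delegate("v5", "operator", now=0, ttl=100)
    return bridge
```

Inside the window a single delegate key plus one validator key still reaches the threshold, which is exactly why the audit helper and a short TTL matter; after the window the same keys are refused without anyone having to remember to revoke.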
In its latest report, Chainalysis says that hackers are stealing more from decentralized finance (DeFi) platforms than ever before.
“In the past, cryptocurrency hacks were largely the result of security breaches in which hackers gained access to victims’ private keys—the crypto-equivalent of pickpocketing. Ronin Network’s March 2022 breach, which enabled the theft of $615 million in cryptocurrency, has proven the continued effectiveness of this technique.”
Before the Ronin attack, the biggest DeFi hack on record was last year’s exploit of the Poly Network for $613 million. In the Poly Network case, however, the funds were eventually returned in exchange for a “small” white-hat reward of $500,000.